4.4
CVE-2024-40588
- EPSS 0.02%
- Veröffentlicht 12.08.2025 18:59:11
- Zuletzt bearbeitet 14.08.2025 01:14:41
- Quelle psirt@fortinet.com
- Teams Watchlist Login
- Unerledigt Login
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera & FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Forticamera Firmware Version >= 2.0.0 <= 2.1.4
Fortinet ≫ Fortirecorder Version >= 6.4.0 < 7.0.5
Fortinet ≫ Fortirecorder Version >= 7.2.0 < 7.2.2
Fortinet ≫ Fortivoice Version >= 6.0.0 < 6.4.10
Fortinet ≫ Fortivoice Version >= 7.0.0 < 7.0.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.036 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@fortinet.com | 4.4 | 0.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-23 Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.